Cryptology ePrint Archive: Report 2014/997

Abstract: Oblivious RAM (ORAM) is a cryptographic primitive
that hides memory access patterns as seen by untrusted
storage. This paper proposes Ring ORAM, the most
bandwidth-efficient ORAM scheme for the small client
storage setting in both theory and practice. Ring ORAM
is the first tree-based ORAM whose bandwidth is independent
of the ORAM bucket size, a property that
unlocks multiple performance improvements. First,
Ring ORAMís overall bandwidth is 2.3x to 4x better
than Path ORAM, the prior-art scheme for small client
storage. Second, if memory can perform simple untrusted
computation, Ring ORAM achieves constant online
bandwidth (~60x improvement over Path ORAM
for practical parameters). As a case study, we show Ring
ORAM speeds up program completion time in a secure
processor by 1.5x relative to Path ORAM. On the theory
side, Ring ORAM features a tighter and significantly
simpler analysis than Path ORAM.